deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

serial number support is not at compile time

Browse Source
This commit is contained in:
NIIBE Yutaka
2011-02-08 14:20:20 +09:00
parent 21bcf76d36
commit 677fc00489
10 changed files with 179 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/config.h.in
View File

@@ -2,7 +2,6 @@
#ifdef DEBUG
#define ENABLE_VIRTUAL_COM_PORT 1
#endif
@SERIAL_DEFINE@
@DFU_DEFINE@
@PINPAD_DEFINE@
@PINPAD_MORE_DEFINE@

21
src/configure vendored
View File

@@ -24,7 +24,6 @@ help=no
target=OLIMEX_STM32_H103
verbose=no
with_dfu=default
with_fixed_serial=no
debug=no
pinpad=no
@@ -62,10 +61,6 @@ for option; do
with_dfu=yes ;;
--without-dfu)
with_dfu=no ;;
--with-fixed-serial)
with_fixed_serial=yes ;;
--without-fixed-serial)
with_fixed_serial=no ;;
*)
echo "Unrecognized option \`$option'" >&2
echo "Try \`$0 --help' for more information." >&2
@@ -94,7 +89,6 @@ Configuration:
--enable-pinpad={cir,dial}
PIN input device support [no]
--with-dfu build image for DFU [<target specific>]
--with-fixed-serial Use fixed serial number [no: chip unique ID]
EOF
exit 0
fi
@@ -135,20 +129,6 @@ STM8S_DISCOVERY)
;;
esac
# --with-fixed-serial option
if test "$with_fixed_serial" = "no"; then
echo "Using chip unique ID for card AID"
SERIAL_DEFINE="#undef SERIAL_NUMBER_IN_AID"
else
echo "Using fixed serial number (at compile time) for card AID"
if test "x$MAIL" = "x"; then
echo "ERROR: Please set MAIL shell variable to select FSIJ serial number" >&2
exit 1
fi
SERIAL=`sed -n -e "/^$MAIL/s/^.* \(..\):\(..\):\(..\):\(..\)/0x\1, 0x\2, 0x\3, 0x\4/p" ../FSIJ_SERIAL_NUMBER`
SERIAL_DEFINE="#define SERIAL_NUMBER_IN_AID $SERIAL"
fi
# --enable-debug option
if test "$debug" = "yes"; then
DEBUG_MAKE_OPTION="ENABLE_DEBUG=1"
@@ -201,6 +181,5 @@ sed -e "s/@DEBUG_DEFINE@/$DEBUG_DEFINE/" \
-e "s/@PINPAD_DEFINE@/$PINPAD_DEFINE/" \
-e "s/@PINPAD_MORE_DEFINE@/$PINPAD_MORE_DEFINE/" \
-e "s/@DFU_DEFINE@/$DFU_DEFINE/" \
-e "s/@SERIAL_DEFINE@/$SERIAL_DEFINE/" \
< config.h.in > config.h
exit 0

5
src/flash.c
View File

@@ -646,6 +646,11 @@ flash_write_binary (uint8_t file_id, const uint8_t *data,
maxsize = FLASH_PAGE_SIZE;
p = &random_bits_start;
}
else if (file_id == FILEID_SERIAL_NO)
{
maxsize = 6;
p = &openpgpcard_aid[8];
}
else
return -1;

3
src/gnuk.h
View File

@@ -118,6 +118,7 @@ extern void flash_reset_counter (uint8_t counter_tag_nr);
#define FILEID_CH_CERTIFICATE 0
#define FILEID_RANDOM 1
#define FILEID_SERIAL_NO 2
extern int flash_erase_binary (uint8_t file_id);
extern int flash_write_binary (uint8_t file_id, const uint8_t *data, uint16_t len, uint16_t offset);
@@ -305,7 +306,7 @@ extern uint8_t pw1_keystring[KEYSTRING_SIZE_PW1];
#define OPENPGP_CARD_INITIAL_PW3 "12345678"
#endif
extern const uint8_t openpgpcard_aid[17] __attribute__ ((aligned (1)));
extern const uint8_t openpgpcard_aid[14];
extern int gpg_get_pw1_lifetime (void);

40
src/openpgp-do.c
View File

@@ -406,23 +406,17 @@ do_kgtime_all (uint16_t tag, int with_tag)
return 1;
}
const uint8_t openpgpcard_aid_template[] = {
const uint8_t openpgpcard_aid[] = {
0xd2, 0x76, 0x00, 0x01, 0x24, 0x01,
0x02, 0x00, /* Version 2.0 */
#if defined(SERIAL_NUMBER_IN_AID)
0xf5, 0x17, /* Manufacturer: FSIJ */
SERIAL_NUMBER_IN_AID
#else
0xff, 0xfe, /* Random bytes */
#endif
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* To be overwritten */
/* v. id */ /* serial number */
};
static int
do_openpgpcard_aid (uint16_t tag, int with_tag)
{
#if !defined(SERIAL_NUMBER_IN_AID)
const uint8_t *u = unique_device_id ();
#endif
const uint16_t *vid_p = (const uint16_t *)&openpgpcard_aid[8];
if (with_tag)
{
@@ -430,14 +424,28 @@ do_openpgpcard_aid (uint16_t tag, int with_tag)
*res_p++ = 16;
}
memcpy (res_p, openpgpcard_aid_template, sizeof (openpgpcard_aid_template));
res_p += sizeof (openpgpcard_aid_template);
#if !defined(SERIAL_NUMBER_IN_AID)
memcpy (res_p, u, 4);
res_p += 4;
#endif
if (*vid_p == 0xffff || *vid_p == 0x0000)
{
const uint8_t *u = unique_device_id ();
memcpy (res_p, openpgpcard_aid, 8);
res_p += 8;
/* vid == 0xfffe: serial number is random byte */
*res_p++ = 0xff;
*res_p++ = 0xfe;
memcpy (res_p, u, 4);
res_p += 4;
}
else
{
memcpy (res_p, openpgpcard_aid, 14);
res_p += 14;
}
*res_p++ = 0;
*res_p++ = 0;
return 1;
}

64
src/openpgp.c
View File

@@ -38,6 +38,7 @@
#define INS_SELECT_FILE 0xa4
#define INS_READ_BINARY 0xb0
#define INS_GET_DATA 0xca
#define INS_WRITE_BINARY 0xd0
#define INS_UPDATE_BINARY 0xd6
#define INS_PUT_DATA 0xda
#define INS_PUT_DATA_ODD 0xdb /* For key import */
@@ -916,6 +917,68 @@ cmd_update_binary (void)
}
static void
cmd_write_binary (void)
{
int len = cmd_APDU[4];
int data_start = 5;
uint16_t offset;
int r;
if (len == 0)
{
len = (cmd_APDU[5]<<8) | cmd_APDU[6];
data_start = 7;
}
DEBUG_INFO (" - WRITE BINARY\r\n");
if (gpg_passwd_locked (PW_ERR_PW3) || !ac_check_status (AC_ADMIN_AUTHORIZED))
{
DEBUG_INFO ("security error.");
GPG_SECURITY_FAILURE ();
return;
}
if ((cmd_APDU[2] & 0x80))
if ((cmd_APDU[2] & 0x7f) == FILEID_SERIAL_NO)
{
file_selection = FILE_EF_CH_CERTIFICATE + (cmd_APDU[2] & 0x7f);
offset = 0;
}
else
{
GPG_NO_FILE ();
return;
}
else
{
if (file_selection != FILEID_SERIAL_NO)
{
GPG_COMMAND_NOT_ALLOWED ();
return;
}
offset = (cmd_APDU[2] << 8) | cmd_APDU[3];
}
DEBUG_SHORT (len);
DEBUG_SHORT (offset);
r = flash_write_binary (file_selection - FILE_EF_CH_CERTIFICATE,
&cmd_APDU[data_start], len, offset);
if (r < 0)
{
DEBUG_INFO ("memory error.\r\n");
GPG_MEMORY_FAILURE ();
return;
}
GPG_SUCCESS ();
DEBUG_INFO ("WRITE BINARY done.\r\n");
}
struct command
{
uint8_t command;
@@ -932,6 +995,7 @@ const struct command cmds[] = {
{ INS_SELECT_FILE, cmd_select_file },
{ INS_READ_BINARY, cmd_read_binary },
{ INS_GET_DATA, cmd_get_data },
{ INS_WRITE_BINARY, cmd_write_binary}, /* Not in OpenPGP card protocol */
{ INS_UPDATE_BINARY, cmd_update_binary }, /* Not in OpenPGP card protocol */
{ INS_PUT_DATA, cmd_put_data },
{ INS_PUT_DATA_ODD, cmd_put_data },